HackDig : Dig high-quality web security articles for hacker

It’s been nearly six months since the WannaCry ransomware stole global headlines and thousands of security practitioners flocked to threat intelligence feeds to help streamline their investigations. While the security community has learned many valuable lessons from the attack, it’s impossible to say that a strike of this magnitude won’t ha

Security management can be proactive or reactive depending on each organization’s risk appetite. When attacks are made public, things change, and learning from threats becomes a requirement for both C-suite members and security leaders.
WannaCry, NotPetya and Industroyer are some of the most recently analyzed malware pieces. Apart from corporate networ

Endpoint attacks can come from any direction and many sources. Just consider the reported vulnerabilities found in Apache Struts and the damage caused by WannaCry and Petya. Companies need to stay one step ahead of endpoint attacks, but they struggle due to a lack of visibility of endpoint status, the complexity of investigations and ineffective remediation.

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime.
In reviewing the database on an ongoing basis, the IBM

Full disclosure: I would not eat guacamole for years because a certain puppet-centric movie I saw as a child had me convinced that it was actually made of frog brains. Once in college, however, seeing guacamole being made completely changed my opinion — unlike a sausage-making demonstration in a rather unfortunate public speaking class that same year of coll

In early August 2017, FBI agents in Las Vegas arrested 23-year-old British security researcher Marcus Hutchins on suspicion of authoring and/or selling “Kronos,” a strain of malware designed to steal online banking credentials. Hutchins was virtually unknown to most in the security community until May 2017 when the U.K. media revealed him as the

Over the past few months, we have seen widespread attacks such as NotPetya and WannaCry cripple organizations at record scale and speed, either for monetary gain or with the sole purpose of causing destruction. In their wake, many professionals are assessing what these new threats mean for their security strategies, infrastructures and policies. As a point o

One of the fundamental problems with cybersecurity is that organizations often do not realize when they are compromised. Traditional incident response methods are typically reactive, forcing security teams to wait for a visible sign of an attack. The problem is that many attacks today are stealthy, targeted and data-focused.
Just stop for a moment to ask you

Cybercriminals and their tactics are becoming increasingly sophisticated. Given the rash of widespread, devastating attacks thus far in 2017, this trend shows no signs of slowing down.
It’s no longer enough to simply implement incident response solutions. Today’s threats require a dedicated team of security experts to maximize these tools with

As both a parent and a bit of a nerd, I have a lot of corny jokes in my arsenal that cover a wide range of topics including animals, food, science fiction and the like. One of my favorite jokes comes from my data science background: “I never metadata I didn’t like.” This joke has it all: wordplay, the spirit of a joke your uncle might tell

For the past few years, the security industry has seen a gradual move away from traditional, resource-heavy endpoint protection agents to next-generation solutions in response to the increasing sophistication of malware, cybercriminal tactics and the threat landscape at large.
Traditional host intrusion detection systems (HIDS) built on signature-based det

I have been working in the field of cyber security and related areas for over 20 years. In that time there have been many cyber incidents. Those that instantly spring to mind include the ‘I Love You’ virus, the OpenSSL security vulnerability ‘HeartBleed’, and the viral worm ‘Nimda’. All of them are consumer level awareness incidents that became, if no

Often, at the end of a project, especially a long and complicated one, there will be a ‘lessons learned’ session held. These sessions usually bring together either the internal team or consortia teams to discuss what went wrong and what went right with the project. The discussions are a way of analyzing events. If done well, they can give future projec

by Lorin Wu
Trend Micro researchers detected a new SLocker variant that mimics the GUI of the WannaCry crypto-ransomware on the Android platform. Detected as ANDROIDOS_SLOCKER.OPSCB, this new SLocker mobile ransomware variant features new routines that utilize features of the Chinese social network QQ, along with persistent screen-locking capabilities.
SLock

A major global cyber attack has the potential to trigger $53 billion of economic losses, the equivalent to a natural disaster like 2012’s Superstorm Sandy.
Events like the massive WannaCry attack or the Ukraine power outage raise the discussion about the possible economic losses caused by a cyber attack.
According to a new report published by the Lloyd’